WASHINGTON D.C.– Congresswoman Claudia Tenney (NY-22) member of the House Foreign Affairs Committee was joined by a number of other representatives, in sending a letter to New York Governor Kathy Hochul expressing concerns over New York's continued business with Chinese state-owned and directed companies, despite the known security threats these companies pose to private information.
Tenney highlighted the purchases of surveillance technologies from companies blacklisted by the U.S. government for their roles in the Chinese Communist Party’s human rights abuses against Uyghur Muslims in the Xinjiang Uyghur Autonomous Region.
This letter was featured by China Tech Threat as an exclusive.
In part, the lawmakers write, “In 2019, the Department of Defense Inspector General found that Lenovo and Lexmark posed significant threats both to supply chain and national security. This same report outlined Lenovo’s risk for “cyberespionage” and noted Lexmark’s Chinese “state-influence” and long record of security vulnerabilities.
We are deeply troubled that New York State continues to do business with these companies, despite recommendations from our country’s military and intelligence agencies and institutions.”
The letter can be read below.
Dear Governor Hochul:
Recently, it has come to light that New York State has spent tens of millions of dollars on technology products from Chinese state-owned and directed companies.
Several of these companies are prohibited from use and procurement by federal agencies due to the security risks they pose. In addition, State and local government agencies are reported to have purchased and currently use surveillance equipment from sanctioned Chinese technology firms. Failing to comply with, or even consider, restrictions set by the federal government is deeply concerning. It exposes citizens to new threats and makes our state and nation less safe.
According to purchasing summaries from New York State Comptroller DiNapoli, New York has spent more than $15 million on contracts for Lenovo computers, systems, and information technology (IT) services and nearly $14 million on contracts with Lexmark for printers and related services.
As you may be aware, these companies have been banned by numerous federal agencies due to their security vulnerabilities. Hackers and foreign adversaries, such as the Chinese Communist Party, can take advantage of access to sensitive information.
In 2019, the Department of Defense Inspector General found that Lenovo and Lexmark posed significant threats both to supply chain and national security. This same report outlined Lenovo’s risk for “cyberespionage” and noted Lexmark’s Chinese “state-influence” and long record of security vulnerabilities. We are deeply troubled that New York State continues to do business with these companies, despite recommendations from our country’s military and intelligence agencies and institutions.
In addition to New York State’s lax practices relating to IT cybersecurity and espionage protections, the State apparently lacks sufficient controls with respect to technology firms involved in human rights violations. According to reporting by IPVM, dozens of state and local government entities, which receive state funding, procured Chinese surveillance equipment from Hikvision and Dahua. These two firms are currently sanctioned by the federal government for their national security risks and participation in human rights abuses, specifically “the implementation of China's campaign of repression, mass arbitrary detention, and high-technology surveillance against Uighurs, Kazakhs, and other members of Muslim minority groups in the XUAR.”
As New York State looks to allocate federal funding, including from recent COVID-19 legislation, for IT systems uses, we write to request further information about your plans to protect the security of our constituents and ensure that New York is not putting itself and the nation at risk. We request answers to the following questions about the current state of technology security oversight:
1)Does New York State’s procurement process include any protections to ensure it does not purchase technology products with known cybersecurity vulnerabilities or from companies sanctioned by the federal government for human rights abuses?
2)If New York State does not have such protections, how do you plan to protect New Yorkers from exposure to foreign cyber threats and from assisting in financing activities contributing to the current genocide of Uyghur Muslims in the Xinjiang Uyghur Autonomous Region?
3) Do you have any plans to nullify existing contracts with companies whose products pose a security risk, including Lenovo and Lexmark?
4) How much federal COVID-19 relief money does New York State plan on spending to update its IT systems?
50 How will appropriate safeguards be used to make sure products and services purchased using federal COVID-19 relief funds do not come from companies identified as national security risks or those sanctioned for human rights abuses?
We request a response no later than December 27, 2021. Thank you for your attention to this critical matter.
– From Congresswoman Claudia Tenney (NY-22)